Example: Create an IPv4 VPC and Subnets Using the AWS CLI

The following example uses AWS CLI commands to create a nondefault VPC with an IPv4 CIDR block, and a public and a private subnet in the VPC. After you've created the VPC and subnets, you can launch an instance in the public subnet and connect to it. To begin, you must first install and configure the AWS CLI. For more information, see Getting Set Up with the AWS Command Line Interface.

Step 1: Create a VPC and Subnets

The first step is to create a VPC and two subnets. This example uses the CIDR block 10.0.0.0/16 for the VPC, but you can choose a different CIDR block. For more information, see VPC and Subnet Sizing.

To create a VPC and subnets using the AWS CLI

Create a VPC with a 10.0.0.0/16 CIDR block.

aws ec2 create-vpc --cidr-block 10.0.0.0/16

In the output that's returned, take note of the VPC ID.

{
    "Vpc": {
        "VpcId": "vpc-2f09a348",
        ...
    }
}

Using the VPC ID from the previous step, create a subnet with a 10.0.1.0/24 CIDR block.

aws ec2 create-subnet --vpc-id vpc-2f09a348 --cidr-block 10.0.1.0/24

Create a second subnet in your VPC with a 10.0.0.0/24 CIDR block.

aws ec2 create-subnet --vpc-id vpc-2f09a348 --cidr-block 10.0.0.0/24

Step 2: Make Your Subnet Public

After you've created the VPC and subnets, you can make one of the subnets a public subnet by attaching an Internet gateway to your VPC, creating a custom route table, and configuring routing for the subnet to the Internet gateway.

The route table is currently not associated with any subnet. You need to associate it with a subnet in your VPC so that traffic from that subnet is routed to the Internet gateway. First, use the describe-subnets command to get your subnet IDs. You can use the --filter option to return the subnets for your new VPC only, and the --query option to return only the subnet IDs and their CIDR blocks.

You can optionally modify the public IP addressing behavior of your subnet so that an instance launched into the subnet automatically receives a public IP address. Otherwise, you should associate an Elastic IP address with your instance after launch so that it's reachable from the Internet.

Step 3: Launch an Instance into Your Subnet

To test that your subnet is public and that instances in the subnet are accessible via the Internet, launch an instance into your public subnet and connect to it. First, you must create a security group to associate with your instance, and a key pair with which you'll connect to your instance. For more information about security groups, see Security Groups for Your VPC. For more information about key pairs, see Amazon EC2 Key Pairs in the Amazon EC2 User Guide for Linux Instances.

To launch and connect to an instance in your public subnet

Create a key pair and use the --query option and the --output text option to pipe your private key directly into a file with the .pem extension.

In this example, you launch an Amazon Linux instance. If you use an SSH client on a Linux or Mac OS X operating system to connect to your instance, use the following command to set the permissions of your private key file so that only you can read it.

chmod 400 MyKeyPair.pem

Create a security group in your VPC, and add a rule that allows SSH access from anywhere.

If you use 0.0.0.0/0 as the source, you allow every IPv4 address to reach your instance over SSH. This is acceptable for this short exercise, but in production, authorize only a specific IP address or range of addresses.
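The following script is an added example, not part of the AWS documentation page. It wraps the Step 2 procedure (Internet gateway, custom route table, default route, subnet association, auto-assign public IP) in one function, and adds a small check for the security group rule above that rejects a 0.0.0.0/0 source unless the caller opts in explicitly. The AWS_CLI variable is an assumption of this example so that the logic can be exercised against a stub without an AWS account; the ec2 subcommands and options are the real ones.

```shell
#!/bin/sh
# Constructed example wrapping Step 2 of the walkthrough.
# AWS_CLI is an assumption of this example: override it with a stub
# function to dry-run the logic without credentials.
AWS_CLI="${AWS_CLI:-aws}"

# Returns 0 if the CIDR is acceptable as the SSH source of a security
# group rule. A /0 prefix (all of IPv4) is refused unless the second
# argument is "yes", which documents the exception in the call site.
check_ssh_source() {
    cidr="$1"; allow_any="${2:-no}"
    case "$cidr" in
        */0) [ "$allow_any" = "yes" ] ;;
        */[0-9]|*/[12][0-9]|*/3[0-2]) return 0 ;;
        *) return 1 ;;   # not a prefix at all
    esac
}

# Make one subnet public: create and attach an Internet gateway, create
# a route table with a default route to it, associate the subnet, and
# enable auto-assignment of public IPs. Prints "<igw-id> <rtb-id>".
make_subnet_public() {
    vpc_id="$1"; subnet_id="$2"
    igw_id=$("$AWS_CLI" ec2 create-internet-gateway \
        --query 'InternetGateway.InternetGatewayId' --output text)
    "$AWS_CLI" ec2 attach-internet-gateway \
        --vpc-id "$vpc_id" --internet-gateway-id "$igw_id" >/dev/null
    rtb_id=$("$AWS_CLI" ec2 create-route-table --vpc-id "$vpc_id" \
        --query 'RouteTable.RouteTableId' --output text)
    "$AWS_CLI" ec2 create-route --route-table-id "$rtb_id" \
        --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw_id" >/dev/null
    "$AWS_CLI" ec2 associate-route-table \
        --subnet-id "$subnet_id" --route-table-id "$rtb_id" >/dev/null
    "$AWS_CLI" ec2 modify-subnet-attribute \
        --subnet-id "$subnet_id" --map-public-ip-on-launch >/dev/null
    echo "$igw_id $rtb_id"
}
```

Run it as `make_subnet_public vpc-2f09a348 <subnet-id>` with a configured AWS CLI, and gate the security group rule with `check_ssh_source "$MY_CIDR" || exit 1` before calling authorize-security-group-ingress.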

Launch an instance into your public subnet, using the security group and key pair you've created. In the output, take note of the instance ID for your instance.

In this example, the AMI is an Amazon Linux AMI in the US East (N. Virginia) region. If you're in a different region, you'll need the AMI ID for a suitable AMI in your region. For more information, see Finding a Linux AMI in the Amazon EC2 User Guide for Linux Instances.

Your instance must be in the running state in order to connect to it. Describe your instance and confirm its state, and take note of its public IP address.

Step 4: Clean Up

After you've verified that you can connect to your instance, you can terminate it if you no longer need it. To do this, use the terminate-instances command. To delete the other resources you've created in this example, use the following commands in their listed order: